Not all companies think about working with a security awareness partner. But with the importance of security awareness on the rise, it makes sense to consider finding a good security awareness partner to work with.
Think about it.
Working with a security awareness partner makes sense
The average age of infosec professionals is 41 (Source: Data USA). When someone’s working life can stretch well into their 70s, that’s not very old. Information security is a young industry and a rapidly changing one, and anyone who works in the sector needs to be dynamic too, whatever age they are.
They need the agility to address both the changing nature of threats and their frequency, and also the constant state of change in their organisation as it seeks to remain competitive and relevant in the digital age.
In our last blog, How to avoid a loathsome Education and Awareness job, we talked about how important it is to make the right decisions in your career and choose the best place to work. These days, you still only have a relatively few jobs in your career and every job is an opportunity to advance and improve. Your working environment plays an important part in in your success, which is why we advocate using a job interview as an opportunity to ask your prospective employer lots of questions.
A career in infosec can be extremely challenging and years of working with those challenges can create burnout. One reason why some more experienced people are leaving the sector meaning it becomes more of a young man or woman’s game.
Creating long-term strategic partnerships with clients
It’s hard to employ a team with all the expertise and experience you need, especially when things change so quickly, and you’d need several degrees to stay on top of every relevant area of study.
Speaking at the CyberUK conference in Glasgow last month, Scott Jones, Head of the Canadian Centre for Cyber Security, identified the changing nature of infosec in saying that he and his team “need social scientists as much as computer scientists”. It’s this skill set and experience that is often missing.
Combining behavioural science and information security
When Kahneman won his Nobel prize in 2002, very few people outside academic circles were talking about behavioural economics. Awareness about the topic has grown hugely in the last few years thanks to Kahneman and other experts, including Dan Ariely, who talked about how we can apply behavioural economics to the security industry in his Re-thinking the Human Factor podcast episode.
We’ve been studying this stuff for years and developed the SABC™ approach based on over 8 years’ research. It applies the relevant and latest thinking in behavioural science to our industry. This is absolutely essential when it’s employees that are considered to be the greatest threat to cyber security.
Our approach leverages Nobel-prize winning neuroscience and many other disciplines, which, based on our own assessment, have the potential to have an impact on behavioural outcomes and levels of awareness.
It’s applicable at both a strategic and a tactical level. From the basics, like why you can’t expect people to remember everything you teach them on a Friday afternoon. To the intricate design decisions that will deliver the most effective security awareness program.
We’re often hired as a security awareness partner
We work with some truly dynamic, inspiring professionals who’ve recognised the value of bringing us in as strategic partners to fill their gaps in knowledge and expertise. Our clients invite us is as consultants and work with them for anything from a year up to two or three years. This gives us the time to assess what needs doing and create real change in their info awareness, behaviour and culture.
If you’ve listened to our podcast on How to develop a security culture you’ll have heard how long it can take to change culture. Our guest, Gert Jan Hofstede, explains why changing a culture takes so long. It’s certainly not achievable in a year.
We bring our understanding of behavioural science into your organisation. We start from the top using benchmarking and gap analysis to work out where you are and where you need to get to. It’s important for us to time to understand what you want to achieve. This helps us to set up and embed the processes and structures you need to reach not just your security goals, but your wider business aims too.
Marketers have been applying this theory for years and using their understanding of psychology to get us to make certain buying decisions. Our sector is beginning to catch up and with our help, you can get ahead of the game.
Combining infosec consultancy + comms management
We partner with a number of organisations delivering original and highly creative global and local internal communication programmes and initiatives. And, if you’d like, we can incorporate behavioural insight into the development, design, production and review of these.
As your partner, we can help you set up the right teams and transfer our years of learning and studying. But perhaps more importantly, we bring with us over 20 years’ experience and apply it to the human side of infosec.
This is the bit that lets hackers in through silly mistakes. The bit that means people forget what they’ve learnt, or never learnt it properly in the first place because they were too tired or distracted. Or maybe they’d just had lunch or were making plans for their Friday night out.
Change starts by taking action. Take action now!
Clients often come to us after a data breach. But why wait for the regulator to be breathing down your neck or the threat of a fine before taking action? We have the knowledge and experience many infosec teams lack and can help you now.
If you want to work with an experienced partner who is leading the way in applying behavioural insights to information security, why not set up a no-pressure chat to explore how we could work together? You can contact us here.